Show simple item record

Author: Hassan, Ali
Author: Khan, Muhammad Suleman
Author: AlGhadhban, Amer
Author: Alazmi, Meshari
Author: Alzamil, Ahmed
Author: Al-utaibi, Khaled
Author: Qadir, Junaid
Date available: 2025-07-07T04:21:47Z
Publication date: 2023-09-30
Publication name: Computers & Security
Identifier: http://dx.doi.org/10.1016/j.cose.2023.103367
Citation: Ali, H., Khan, M. S., AlGhadhban, A., Alazmi, M., Alzamil, A., Al-Utaibi, K., & Qadir, J. (2023). Con-detect: Detecting adversarially perturbed natural language inputs to deep classifiers through holistic analysis. Computers & Security, 132, 103367.
ISSN: 01674048
URI: https://www.sciencedirect.com/science/article/pii/S0167404823002778
URI: http://hdl.handle.net/10576/65987
Abstract: Deep Learning (DL) algorithms have shown wonders in many Natural Language Processing (NLP) tasks such as language-to-language translation, spam filtering, fake-news detection, and comprehension understanding. However, research has shown that the adversarial vulnerabilities of deep learning networks manifest themselves when DL is used for NLP tasks. Most mitigation techniques proposed to date are supervised—relying on adversarial retraining to improve the robustness—which is impractical. This work introduces a novel, unsupervised detection methodology for detecting adversarial inputs to NLP classifiers. In summary, we note that minimally perturbing an input to change a model’s output—a major strength of adversarial attacks—is a weakness that leaves unique statistical marks reflected in the cumulative contribution scores of the input. Particularly, we show that the cumulative contribution score, called CF-score, of adversarial inputs is generally greater than that of the clean inputs. We thus propose Con-Detect—a Contribution based Detection method—for detecting adversarial attacks against NLP classifiers. Con-Detect can be deployed with any classifier without having to retrain it. We experiment with multiple attackers—Text-bugger, Text-fooler, PWWS—on several architectures—MLP, CNN, LSTM, Hybrid CNN-RNN, BERT—trained for different classification tasks—IMDB sentiment classification, fake-news classification, AG news topic classification—under different threat models—Con-Detect-blind attacks, Con-Detect-aware attacks, and Con-Detect-adaptive attacks—and show that Con-Detect can reduce the attack success rate (ASR) of different attacks from 100% to as low as 0% for the best cases and ≈70% for the worst case. Even in the worst case, we note a 100% increase in the required number of queries and a 50% increase in the number of words perturbed, suggesting that Con-Detect is hard to evade.
Sponsor: This research has been funded by Deputy for Research & Innovation, Ministry of Education through Initiative of Institutional Funding at University of Ha’il-Saudi Arabia through project number IFP-22 216. Open Access funding provided by the Qatar National Library.
Language: en
Publisher: Elsevier
Subject: Machine learning security; Adversarial detection; Adversarial machine learning; Secure natural language processing; Adversarial signatures
Title: Con-Detect: Detecting adversarially perturbed natural language inputs to deep classifiers through holistic analysis
Type: Article
Volume number: 132
Open Access user License: http://creativecommons.org/licenses/by/4.0/
ESSN: 1872-6208
dc.accessType: Full Text

